How North Korean Hackers Steal Millions in Crypto by Pretending to Be Your Next Recruiter

Security Researchers dive into how North Koreans have stolen millions of dollars worth of crypto by imitating tech/IT professionals. At the recent Cyberwarcon, an annual cybersecurity conference, several researchers revealed the extent to which North Korean hackers have impersonated venture capitalists, recruiters, and remote IT workers to steal billions of dollars in cryptocurrency and sensitive private corporate information.

James Eliott, a Microsoft security expert said North Korean operatives have infiltrated “hundreds” of global organizations by creating false identities. Researchers warned of sustained efforts to pose as prospective employees seeking work at multinational corporations, to help the regime earn in ways to circumvent sanctions and steal corporate secrets to aid the nuclear program. The trend towards remote work since the Covid epidemic has eased the path for many corporate spies, as it is not unheard of for an employee to be hired without ever physically visiting a workplace.

One group of operatives is known as Sapphire Sleet. They pose as recruiters and venture capitalists, tricking victims into downloading Malware. Imposters will pressure victims into downloading malware, disguised as a tool to fix a broken meeting room, or as recruiters they will ask victims to download malware disguised as a skills assessment. Once downloaded the malware can access other material on the computer such as cryptocurrency wallets. Microsoft says North Korea has stolen at least US$10 million of cryptocurrency using this method.